When Good Goes Bad: 10 Most Dangerous Web Sites

No, we're not talking about XXX sites, gambling and sketchy pharmaceutical spam. But even good Web sites can go bad. In fact, legitimate sites are often a much more lucrative target for hackers simply because they are trusted by millions of users all over the world. All hackers have to do is use the application on the site to distribute malicious code.

Sometimes it's as simple as posting a malicious link to the site and redirecting users to a malware site. Other times, they will install malicious code into the Web application or third-party content in a SQL injection attack and then sit back and reap the benefits of the high volumes of traffic.

Whatever their method, here are some of the sites that they seem to like best.


Facebook

Talk about a field day for hackers. Any Web application with almost 500 million users is going to be a rich target. Facebook has experienced an upsurge of attacks since 2008 thanks to the Koobface virus.

Koobface, an anagram of Facebook, achieved rapid success by spoofing the profiles of existing users and then sending malware attacks to everyone on the users' contact list, aiming to steal personal and financial data such as credit card numbers, login credentials and other personal account information. Infected Koobface links were also used to direct users to fraudulent Facebook login sites, prompting them to re-enter their login credentials. The site was in actuality a spoofed page, designed to steal login information which would be used by the hackers for identity theft purposes and to send spam soliciting fake pharmaceuticals and other merchandise. The attack then incorporated the victims' computers in a malicious botnet, operated by a command and control center.

Koobface is alive and thriving today, continuing to spread Trojan horses and other malware to unsuspecting users on Facebook, as well as MySpace, bebo and other social networking sites. And, not surprisingly, security experts contend that it is one of the most prevalent pieces of malware on the Internet.


Twitter

Following swiftly on the heels of the social networking giant Facebook is Twitter, and its popularity has not gone unnoticed by hackers. The micro-blogging site is a rich playing field for malicious attacks, which usually come in the form of infected URLs that download malware onto users' computers. Meanwhile, hackers routinely exploit the trust users have by spoofing users' profiles and then tricking contacts into opening an infected link via some social engineering scheme.

Last year, a Twitter worm made its rounds, compromising thousands of users' accounts by enticing users to download rogue antivirus software created to steal passwords and take control of users' computers. In addition, the site has repeatedly been subject to a spate of phishing attacks that redirected users to a fake login page and then tricked them into submitting their personal information and login credentials.


Google

It stands to reason that the most visited site on the Internet would also be a prime target for hackers. Google is routinely exploited by attackers who use search engine poisoning techniques to get malicious sites up to the top of the search page rankings. Then hackers count on the fact that users who type in search terms naturally gravitate toward the links at the top of the site.

Meanwhile, hackers have also targeted Gmail users and popular Google apps, such as Google Docs, which have been vulnerable to attacks that aim to access users' personal and financial information for identity theft purposes.

URL Shortening Sites: TinyURL, Bit.ly

Blame this one on the Twitter craze. Attacks on URL shortening sites such as TinyURL have grown rapidly due to increased traffic on sites such as Twitter, which only allow entries of 140 characters or fewer.

Meanwhile, the shortened URL provides a perfect foil for hackers by masking the entirety of a malicious domain and making it appear legitimate to most users. Unsuspecting users are tricked into clicking on the links, which are disguised as legitimate domains, usually because the attacks appear to be sent from someone they know. However, once they open the link, they're usually taken to malicious sites that download malware onto their computers.

The good news is that Twitter has partnered with some of its URL shortening sites in an attempt to crack down on attacks exploiting those services. But they're still out there.


YouTube

No surprises here. Hackers routinely have exploited YouTube to entice users to download infected video codecs. Most users won't think twice about clicking on a link that comes from YouTube, or looks like it does, especially if it appears to come from someone they know. To ensure their attack is successful, hackers will incorporate the malicious video download as part of a greater social networking ploy. Generally, a hacker will hijack an e-mail or social networking profile, and then use the spoofed profile as a way to entice users into opening the message and clicking the malicious link. A victim will receive a message that says something like "you were caught on video" coupled with a link to YouTube. Like moths to a flame, most users will surely click.

Image Hosting: Dropbox, ImageShack

Everyone loves images. And it should come as no surprise that the abundance of image sharing across the Web has expanded new and existing vectors for malware attacks. Consequently, hackers have found success in launching attacks that exploit users' curiosity by infecting images and then enticing users to open them, usually through some kind of social engineering scheme.

No doubt, the image hosting forum opens up the floodgates for attacks. On these sites, users upload a photo and then are redirected to a page containing different versions of URLs to the uploaded image, formatted in a variety of HTML and Bulletin Board code, which can be used to link them to myriad Web sites.

But what ostensibly is a great way to share images is also a great way for hackers to distribute malware. All attackers have to do is spoof an e-mail address or social networking site and then send a social engineering attack that links to a malicious image file. Security experts say that if users receive an unexpected link to one of these sites, there's a good chance that it's infected.

Banking/Financial Sites

Almost all banking and financial institutions have experienced a hack at some point. In the past, hackers were able to distribute malware by injecting malicious code into the banking page in drive-by download attacks, designed to steal sensitive and critical data such as bank account and credit card numbers.

In addition, hackers routinely create fake phishing sites that spoof legitimate banking Web pages to obtain users' bank account and credit card numbers, as well as login credentials and personal information.

Any site that facilitates financial transactions is going to be ripe for the picking for hackers.

Gaming Sites

Gaming sites are lucrative targets for hackers. Why? So often gamers play for hard-earned financial prizes. Hackers will frequently plant malware on these sites that mines gamers' account information and login credentials, as well as credit card information. That trend was evident in an attack in which hackers infiltrated the Sony PlayStation Web site to install malware by enticing users to download and pay for phony software.

Attackers are also not above hijacking sites and taking control of the gamers' accounts, and then threatening to delete the gamers' profile or set their score back to zero if certain financial demands are not met. Many gamers feel compelled to pay out or risk losing their winnings.

Celebrity Sites

Pop culture reigns. Celebrity sites will always be targets because people love them. Third-party content on legitimate security sites will routinely get hacked as people trawl the Web in search of Jennifer Aniston, Shakira and Jessica Simpson. Meanwhile, because of the pervasiveness of celebrity sites, it's almost impossible to distinguish the legitimate sites from the ones that distribute malware.

News/Government Sites

These sites are sitting ducks simply because they provide an instant audience for hackers looking to distribute malicious code. CNN, the White House, the Pentagon, President Obama's Web Site and the French Embassy have all been victims of malware campaigns using SQL injection attacks in which attackers exploited vulnerabilities on the Web sites that were guaranteed to bring in significant amounts of traffic.

Last year a malicious cyberattack thought to be launched from North Korea targeted South Korean and U.S. government computers, shutting down the Web sites of the White House, the Pentagon and the New York Stock Exchange.

And the Web pages of President Barack Obama and Republican presidential candidate John McCain were targeted by hackers in a malicious cyberattack designed to steal sensitive data from users who visited the sites. The attacks came just two days after the U.S. presidential election.

While there might not be any way to immediately recognize a malware attack delivered by a legitimate site, users can prepare for the worst with up-to-date antimalware and other security software.